Cardholder Verification Methods - EMV Level 2
Cardholder Verification Methods
Depending on the MasterCard payment product or the country of the transaction, there are two types of cardholder verification methods (CVM): personal identification number (PIN) and signature.
In Europe, countries which are EMV L2 and Chip and sign compliance are :
- Poland, - Romania, - Czech Republic - Slovakia, - Slovenia, - Italia, - Turkei - etc ...
In certain transaction scenarios, a CVM may not be required. For example, in the processing of quick payment services (QPS) transactions and PayPass transactions below the MasterCard PayPass chargeback protection amount or Maestro PayPass ceiling limit, no signature or PIN is required.
PIN CVM
The security of the cardholder’s PIN is critical for preventing fraud, and therefore PIN entry must only be conducted on PIN-entry terminals that are certified as compliant with the Payment Card Industry PIN Transaction Security (PCI PTS) requirements. In accordance with MasterCard standards, the PCI requirements need to be met for PIN entry.
EMV offers various options for PIN verification, including online, offline plaintext and enciphered PIN. For contactless transactions, offline PIN is not supported. With the growth of mobile as a cardholder device, however, an additional option is now available: on-device cardholder verification. For additional information consult the PayPass–M/Chip Reader Card Application Interface Specification v3.0, also available as EMV Kernel C-2. These documents can be found at www.paypass.com and www.emvco.com, respectively.
To be clear, cardholder PINs must never be entered into the merchant’s mobile device unless the mobile device can be certified to the PCI PTS.
UNIQUE CHALLENGE
Currently, the keypads or touch screens on mobile devices are not capable of complying with the PCI PTS requirements. In the future, mobile device manufacturers intend to use technologies that can better secure the keypad, but these technologies are still in the early stages of development.
It is not yet known if mobile device keypads will ever be appropriate for PIN capture.
BEST PRACTICES FOR MPOS SOLUTION PROVIDERS
When considering the development of a PIN-capable MPOS solution, ensure that compliance with the PCI PTS requirements can be achieved.
BEST PRACTICES FOR MERCHANTS
Merchants must not capture cardholder PINs on their mobile devices or any other device that is not PCI PTS-compliant. Merchants interested in PIN acceptance should consult their acquirers or MPOS solution providers and consider MPOS sleeves and other external devices that are certified to the PCI PTS standard. Mobile Point-of-Sale Solutions Liens partenaires : plug in Magento et Prestashop pour caisse enregistreuse et commerce de proximité plug in Magento et Prestashop pour caisse enregistreuse et commerce de proximité plug in Magento et Prestashop pour caisse enregistreuse et commerce de proximité plug in Magento et Prestashop pour caisse enregistreuse et commerce de proximité plug in Magento et Prestashop pour caisse enregistreuse et commerce de proximité plug in Magento et Prestashop pour caisse enregistreuse et commerce de proximité plug in Magento et Prestashop pour caisse enregistreuse et commerce de proximité
Depending on the MasterCard payment product or the country of the transaction, there are two types of cardholder verification methods (CVM): personal identification number (PIN) and signature.
In Europe, countries which are EMV L2 and Chip and sign compliance are :
- Poland, - Romania, - Czech Republic - Slovakia, - Slovenia, - Italia, - Turkei - etc ...
In certain transaction scenarios, a CVM may not be required. For example, in the processing of quick payment services (QPS) transactions and PayPass transactions below the MasterCard PayPass chargeback protection amount or Maestro PayPass ceiling limit, no signature or PIN is required.
PIN CVM
The security of the cardholder’s PIN is critical for preventing fraud, and therefore PIN entry must only be conducted on PIN-entry terminals that are certified as compliant with the Payment Card Industry PIN Transaction Security (PCI PTS) requirements. In accordance with MasterCard standards, the PCI requirements need to be met for PIN entry.
EMV offers various options for PIN verification, including online, offline plaintext and enciphered PIN. For contactless transactions, offline PIN is not supported. With the growth of mobile as a cardholder device, however, an additional option is now available: on-device cardholder verification. For additional information consult the PayPass–M/Chip Reader Card Application Interface Specification v3.0, also available as EMV Kernel C-2. These documents can be found at www.paypass.com and www.emvco.com, respectively.
To be clear, cardholder PINs must never be entered into the merchant’s mobile device unless the mobile device can be certified to the PCI PTS.
UNIQUE CHALLENGE
Currently, the keypads or touch screens on mobile devices are not capable of complying with the PCI PTS requirements. In the future, mobile device manufacturers intend to use technologies that can better secure the keypad, but these technologies are still in the early stages of development.
It is not yet known if mobile device keypads will ever be appropriate for PIN capture.
BEST PRACTICES FOR MPOS SOLUTION PROVIDERS
When considering the development of a PIN-capable MPOS solution, ensure that compliance with the PCI PTS requirements can be achieved.
BEST PRACTICES FOR MERCHANTS
Merchants must not capture cardholder PINs on their mobile devices or any other device that is not PCI PTS-compliant. Merchants interested in PIN acceptance should consult their acquirers or MPOS solution providers and consider MPOS sleeves and other external devices that are certified to the PCI PTS standard. Mobile Point-of-Sale Solutions Liens partenaires : plug in Magento et Prestashop pour caisse enregistreuse et commerce de proximité plug in Magento et Prestashop pour caisse enregistreuse et commerce de proximité plug in Magento et Prestashop pour caisse enregistreuse et commerce de proximité plug in Magento et Prestashop pour caisse enregistreuse et commerce de proximité plug in Magento et Prestashop pour caisse enregistreuse et commerce de proximité plug in Magento et Prestashop pour caisse enregistreuse et commerce de proximité plug in Magento et Prestashop pour caisse enregistreuse et commerce de proximité
Labels: business development asia, Business development director mobile payment Europe; swiffpay europe, m-pos EMV Level2, M-POS projects in Europe
posted by Hugues Courcier at 9:37 AM
0 Comments:
Post a Comment
<< Home